Consumer adoption of smartphones is growing globally at an exponential rate. Technology is becoming increasingly individualized and this is manifest in what is commonly referred to as the consumerization of information technology (IT). Individuals are choosing the tools that work best for them and they expect these tools to be complementary and not in conflict with their productivity in corporate environments. Because these smartphones support key enterprise productivity features, like corporate calendars, contacts and email, personal smartphones and tablets are increasingly being brought to work with the expectation that they can be integrated with the enterprise in order to be used for work activities.
The use of personal devices in the enterprise environment however is problematic because the devices are not controlled by the enterprise. What started with C-level executives persuading enterprise IT departments to support their iPhones has set the stage for the rest of workforce to expect their technology choices to work in the corporate environment. This has led to a shift away from a homogenous enterprise environment (Blackberry) to dual environments (Blackberry and iOS), to completely mixed environments (Blackberry, iOS, Android, WinPhone7, webOS, etc.). To IT, however, consumer adoption of numerous devices and platforms has radically changed the landscape and implications for IT as there are now numerous mobile OS platforms to cause concern.
What is common to all of the mobile operating systems is that the OS update process has not shifted away from an archaic process that keeps control firmly in the hands of handset manufacturers and mobile carriers, meaning the enterprise IT department has no control. Further, mobile devices have a unique process requiring cooperation between the handset manufacturer, OS vendor and carrier resulting in an average of many months to introduce updates. These long update cycles exacerbate the trend of increasing malware and viruses for mobile devices that attack operating system vulnerabilities. Exploits targeting OS vulnerabilities far outnumber application level attacks, and these exploits jeopardize the trust between enterprises and mobile devices coming to their networks. Consequently, enterprise IT departments face a heterogeneous environment in a couple of dimensions: device ownership as well as mobile device platforms.
The challenge for enterprise IT departments is that instead of having to support a limited number of device types or brands, they now have fragmented support across numerous mobile platforms which means that numerous different device types or brands and therefore numerous different operating systems and applications are required to be supported and maintained. This increases security risks, vulnerabilities, and exposure, and increases length of time required to update the supported devices. The result is that enterprise IT has no visibility into who is using which device, whether the devices are up to date in terms of OS/software configuration, and the risk or exposure associated with each device and/or OS/software configuration. Thus, considering the consequences and risks of allowing these devices to be integrated with the enterprise in order to be used for work activities, IT departments are struggling to keep up with the rate of change and understand and manage mobile device capabilities and risks as they appear on their networks.